Cyber Security Continuous Improvement: Do Something

May 15, 2013
Industrial cyber security concerns and tactics were woven throughout The Automation Conference 2013. A keynote session focused on the myth of air-gap protection, while members of the Ask the Experts Panel on Ethernet on the Plant Floor ended by answering questions about where to start with cyber security.

Eric Byres, CTO and vice president of engineering for Tofino Security Products, a Belden brand, warned attendees of The Automation Conference Tuesday that air gaps—physical gaps between control networks and business networks in manufacturing companies—are a myth. If people believe they have reliable air gaps, he said, that gives them “an unrealistic posture.”

“If you think you’re isolated at all, you’re kidding yourself,” Byres said. “There’s no process outside the nuclear industry that I’ve ever seen that’s properly isolated or truly isolated.”

Emphasizing that modern industrial control systems (ICS) or SCADA systems are only getting more complex, Byres said that there are multiple potential ways into a plant system, and that “focusing security efforts on a few obvious pathways—such as USB storage drives or the enterprise/ICS firewall—is a flawed defense.” He said that improving defense-in-depth strategies is the only realistic solution.

“You cannot stop traffic, but you can detect it quickly, isolate it, and deal with it,” Byres said. “You should know within seconds when an infected PC comes in. Just like the human body does—detect it, isolate it and neutralize it.”

Members of the Ask the Experts Panel on Ethernet on the Plant Floor fielded a number of technical questions during their track session, and ended with cyber security advice.

Rob McGreevy, vice president of platform and applications for Invensys Wonderware, urged listeners to have a set of documented security processes and educate the teams on it. “And stay on top of it,” he said. “Cyber security is a constant, evergreen process.” He also urged process engineers to “rely on your IT team; start internally and pull in resources from there.”

Eddie Lee, director of marketing for Ethernet hardware maker Moxa, agreed that cyber security is definitely a process. One bad practice and a key pitfall, he said, is “managing the outliers. People get caught up in the worst-case scenarios and get overwhelmed with how to secure everything. Then they do things like leave passwords on a Post-It note on the HMI screen. Take a practical approach to the process so it’s continually improving.”

Brian Oulton, director of marketing for Belden, which acquired Tofino Security a couple years ago, reminded attendees that “defense in depth, and a lot of what you see in the press on cyber security, is coming from the best of the best: the big companies, the high risk industries, the critical infrastructure. So cyber security gets scary.” What he tells the Belden sales staff, he said, is that “if we talk too complex, customers will do nothing. So talk simple and beg your customers to do something.”

Oulton followed his own advice and ended with this message for end users in industrial companies: “Don’t let the complexity make you freeze. Do something.”
